Cookies - Is this possible?

[Guest]

Is it possible for a user to enable permanent cookies but disable session
cookies.....this seems like a contradition yet this is what I appear to be
reading in online articles?

 

[Guest]

I must be stupid, but I am picking up contradictions on how cookies are used
in sites. This dude says of Amazon:

Statement: "Amazon.com passes this test when it comes to the site being 100%
usable if one were to manually disable and delete cookies"
http://www.stickyminds.com/sitewide.asp?ObjectId=2935&Function=DETAILBROWSE&ObjectType=ART
He then says: . I was able to use all major aspects of the site-searching,
shopping cart, checkout functions-even though cookies were completely
disabled.

His conclusion:

It appears that state maintenance was being taken care of server-side, based
on the session ID at the end of the home page URL. For example, I chose the
Yamaha CD-ROM kit on the amazon home page and added it to my shopping cart.
The shopping cart page URL was
www.amazon.com/./one-click-thank-you-confirm/107-0357560-1728507. Changing
the rightmost digit from 7 to 8, and posting this edited URL, lost my
shopping cart and brought up the following error page, lending further
support to the probability of server-side state maintenance with a session
ID in the URL.

My Question:

How can 'state' be preserved on the server via a session ID if COOKIES ARE
DISABLED and DELETEd....

I thought if the user disabled cookies that blew if for Session Variables...

Could someone please tell me what I am missing here?

Thanks

Jason

 

[Bob Lehmann]

The id (107-0357560-1728507) is appended to the url, and then checked,
usually, against a value in a DB to keep track of the user.

Bob Lehmann

 

[Guest]

But is that ID not dependent on being retrieved iniitally from the user
machines cookie?

If cookies are disabled this ID would not be retrievable for later use on
the server?

 

[Bob Lehmann]

I'm not sure.

In this case, though, it looks like a GUID is being generated by the DB.

Bob Lehmann

 

[Guest]

You see, this cannot be possible, as his example is based on returning to
the home page of Amazon after he has disabled cookies...thus it is not
possible for the browser to know who he is unless it was pulling:

1. Cookie (but disabled, so impossible)
2. IP (But they would never do this method due to dynamic dhcp and aol user
implications of same ip)

Thus, something is screwed up with his explanation.

- Jason

 

[joker]

Also don't forget about us router users who share one IP address. We
may have 2+ people browsing the same site at the same time.

 

[Bob Lehmann]

It's not impossible. And, I don't think you understand what is going on
there.

This is what happens when a site chooses not to rely on cookies or sessions
for tracking users....

1. User enters site
2. A unique ID is assigned to the user, usually from a DB generated unique
ID
3. The unique id is stored in a DB
4. The unique ID is appended to *all* URLs to track the user, and passed
from page to page in the URL
5. If the unique ID is needed on a page, it is looked up in the DB and used
as a key in the DB for whatever transaction took place

You are making this cookies / no cookies problem way more difficult than it
needs to be.

You need to come up with some Use / Business Cases to determine if the no
cookie problem is really a problem to begin with. If no cookies will
severely impact your application, then code a solution that doesn't rely on
cookies. Don't add complexity developing 2 solutions to the problem

If there is bearable risk in not supporting the no-cookie folks, then direct
them to page that informs that accepting cookies are required, and let them
decide.

I'm not trying to be critical - You are obviously working very hard to do
whatever it is you are doing. But, you are lacking some fundamentals that
are causing you to go down paths trying to finding solutions to problems
that don't exist.

I suggest reading some basic literature on server-side programming and ASP.

Also, read this...
http://www.aspfaq.com/show.asp?id=2054

Bob Lehmann

 

[Guest]

Thanks for the advice - I appreciate it...

I now see what you were getting at....this is almost like starting a
'transcation' for a user based on db id to follow him around the site if
cookies are not enabled....

Just one question....I know that sql server does have a unique identifier
field...is this what is triggering the number or does the target page
activate an insert and then recall
the number for appendment on the url....

I wish I had seen this idea in my mind...I assumed from what I had read
online that cookies or cookie degradation was the only way...

I had also read Aaron's shopping car solution a while back but I though the
javascript could be an issue etc.....

ps: I find the wrox books okay but they usually have a lot of errors which
can also be a hinderance...

Thanks
Jason

 

[Bob Lehmann]

The scheme will vary on how the number is actually generated. Look in db.asp
from Aaron's cart. It has one way of generating the id.

Bob Lehmann